Re: [Dailydave] Announcing the Zero Day Initiative

From: Frank Knobbe (frankknobbe.us)
Date: Mon Jul 25 2005 - 20:58:29 CDT


On Tue, 2005-07-26 at 00:53 +0100, MindsX wrote:
> ... whereas this is more of a marketing ploy
> by 3Com to get into the 0day race against various private
> consultancies

I don't think that is the motivation. The motivation, I believe, is that
just the fact of having such a unit can be used greatly in advertising.
"Come here, prospects, we buy 0-days and can protect you from stuff
others can't". Of course there is no visibility on which exploits are
really in the bag since that would be akin to unzipping your
intellectual property fly. No one can verify that it is indeed a valid
0-day since that information is closely guarded. Or do you think they
pay money and then, in an act of sudden goodwill, give it for free to
the public?

And so the client believes he gets more for free... what other choice
does he have than to believe it? Potential buyers don't know, and have
no means of verifying the quality or quantity of said miraculous 0-days.

What neither iDefense nor 3Com understands is that:
a) 0-days are used to embarrass/harass/tease/shame vendors by writing
worms and defacing web sites or subverting services (pseudo political
statements),
b) 0-days are used in hacker neighborhood turfwars, to collect and build
a larger zombie army in order to defeat the rival gang in the next town
(adolescent rivalry),
c) 0-days are used in interesting explorations of world-wide connected
systems (perhaps in search of UFO evidence...*chuckle*) (curiosity)
d) 0-days are used to provide income either through the rent of botnets
for spam distribution or DDoS assistance in the ever-so-popular
extortion schemes (real profit).

Why on earth would anyone want to waste a 0-day on a company that barely
pays a couple thousand for it? That's where the old, stale, used and
discovered (but perhaps not publicized) 0-days go to. In essence
iDefense and 3Com are trashcans that old 0-days get thrown into. You
don't really think they get first-class material that is still being
used for a) through d), do you? :)

And 3Com/iDefense know that. But that's okay, that's not what they want
them for. It's only for marketing (see above).

Cheers,
Frank

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave